Privacy Transformation - Issue 227

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

TikTok fined €345m by Irish Data Protection Commission

The Irish Data Protection Commission has fined video-sharing platform TikTok €345m for breaches related to the processing of children's data. It follows an investigation which began in September 2021 and focussed on the period from July to December 2020. The inquiry examined certain TikTok settings as they related to child users.

🔗 RELATED: DPC: Irish Data Protection Commission announces €345 million fine of TikTok

New EU-US data transfer deal also faces criticism in Germany

French lawmaker Philippe Latombe’s latest lawsuit at the EU’s top court, which could derail the new EU-US data transfer deal, has found support in Germany, where the two-month-old agreement is already facing widespread criticism.

✍️ EDPS: International cooperation in data protection: not an option, but vital to our tasks

Blogpost by EDPS Secretary-General Leonardo Cervera Navas on his participation in a high-level event titled "Data-protection in the Western Balkans and Eastern Partnership Region", in which he shares ways to build stronger convergence between DPAs from around the world.


SECURITY & TECH

EU-China Digital Dialogue seeks common ground on tech and data

Platforms and data regulation, AI research and innovation, cross-border flows of industrial data and the safety of online products were at the heart of the European Commission’s High-level Digital Dialogue with China, held in Beijing on Monday (18 September).

noyb: How mobile apps illegally share your personal data

noyb has filed three complaints in France against Fnac (the largest electronics store in France), the real estate app SeLoger and the fitness app MyFitnessPal.

Signal adds quantum-resistant encryption to its E2EE messaging protocol

Signal has announced that it upgraded its end-to-end communication protocol to use quantum-resistant encryption keys to protect users from future attacks.


ENFORCEMENT

Irish DPA: Irish Data Protection Commission announces €345 million fine of TikTok

The DPC has adopted its final decision regarding its inquiry into TikTok on 1 September 2023. This own-volition inquiry sought to examine the extent to which, during the period between 31 July 2020 and 31 December 2020, TikTok complied with its obligations under the GDPR in relation to its processing of personal data relating to child users of the TikTok platform. [Read Decision]

🔗 RELATED: Following EDPB Decision, TikTok ordered to eliminate unfair design practices concerning children

Irish DPA: Data Protection Commission welcomes latest successful prosecution of Marketing Offences

The Data Protection Commission welcomed the outcome of prosecution proceedings that were taken by it today at Cork District Court against Alpha Wealth Limited, a financial advisory company based in Little Island, Cork.

UK DPA: ICO issues half a million pounds in new fines as fight to tackle illegal nuisance calls continues

The Information Commissioner’s Office has issued fines totalling £590,000 to five companies for collectively making 1.9 million unwanted marketing calls which targeted the elderly and people with vulnerabilities.


GUIDANCE & OPINIONS

ICO: A 10 step guide to sharing information to safeguard children

The ICO publishes new guidance to address concerns from organisations and frontline workers that may be scared to share information for fear of falling foul of data protection law.

EDPB-EDPS:


RESOURCES

📚 DPC: Case Studies 2018-2023

The DPC has produced a booklet that contains 126 of our case studies from the first five years of the General Data Protection Regulation (GDPR). The case studies have been broken down by category and indexed, making it easier to find relevant examples, and are a valuable reference tool when exploring how the DPC approaches complaints.

📕 Paper: Working Paper on “Smart Cities”

This paper by the Berlin Group presents a series of data protection and privacy principles relating to each of these stages of data use in a city context. These principles represent some of the stages of data protection by design and default.

📗 NIST: 800-188 De-Identifying Government Datasets

This document describes the use of de-identification with the goal of preventing or limiting disclosure risks to individuals and establishments while still allowing for the production of meaningful statistical analysis.

📙 Paper: A Matrix for Selecting Responsible AI Frameworks

Process frameworks provide a blueprint for organizations implementing responsible artificial intelligence (AI), but the sheer number of frameworks, along with their loosely specified audiences, can make it difficult for organizations to select ones that meet their needs. This report presents a matrix that organizes approximately 40 public process frameworks according to their areas of focus and the teams that can use them. Ultimately, the matrix helps organizations select the right resources for implementing responsible AI.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!